graylog #3
Description
Installs the Graylog log management system. Connections to elasticsearch and mongodb are required for a fully functioning system. https://www.graylog.org/
Overview
The charm installs Graylog using the snap package.
Usage
juju deploy cs:~graylog-charmers/graylog
juju run-action --wait graylog/X show-admin-password
Graylog requires MongoDB to run and Elasticsearch to be useful.
juju deploy cs:~mongodb-charmers/mongodb
juju relate graylog:mongodb mongodb:database
juju deploy cs:~elasticsearch-charmers/elasticsearch
juju relate graylog:elasticsearch elasticsearch:client
You can then browse to http://ip-address:9000 and log in as the user "admin".
The password is by default a random value so juju run-action --wait graylog/X show-admin-password must be run for admin access to the installation.
Reverseproxy Relation
Graylog supports advertising its ports to an application acting as a reverseproxy using the http relation. The port of the webUI is exposed over the relation in the all_services variable of the relation.
Note: For Graylog version 2, the API port is also exposed over the http relation. Graylog version 3 hard codes the /api/ location and uses the default port (9000) for both webUI and API.
More details on using this are in the reverseproxy instructions for the Apache2 charm.
Sample Graylog 2 vhost template for the apache2 charm:
$ cat graylog-vhost.tmpl
<Location "/">
    RequestHeader set X-Graylog-Server-URL "http://{{servername}}/api/"
    ProxyPass http://{{graylog_web}}/
    ProxyPassReverse http://{{graylog_web}}/
</Location>
<Location "/api/">
    ProxyPass http://{{graylog_api}}/api/
    ProxyPassReverse http://{{graylog_api}}/api/
</Location>
Sample Graylog 3 vhost template for the apache2 charm:
$ cat graylog-vhost.tmpl
<Location "/">
    RequestHeader set X-Graylog-Server-URL "http://{{servername}}/"
    ProxyPass http://{{graylog_web}}/
    ProxyPassReverse http://{{graylog_web}}/
</Location>
Now deploy and configure apache2 as your graylog reverse proxy:
juju deploy apache2
juju config apache2 "enable_modules='headers proxy_html proxy_http'"
juju config apache2 "vhost_http_template=$(base64 ./graylog-vhost.tmpl)"
juju expose apache2
juju relate apache2:reverseproxy graylog:website
Visit http://<apache2-public-ip> to access the Graylog web interface.
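A pre-flight check for the URI options that matter once Graylog sits behind the proxy (rest_transport_uri, web_endpoint_uri and web_listen_uri, described under Configuration). This is an added example, not part of the charm; audit_uris and the sample values are constructed, and treating a wildcard web_endpoint_uri as an error is an assumption based on the requirement that clients must be able to connect to it.

```python
import ipaddress
from urllib.parse import urlsplit

def _is_wildcard(host):
    try:
        return ipaddress.ip_address(host).is_unspecified  # 0.0.0.0 or ::
    except ValueError:
        return False  # a DNS name, not an IP literal

def audit_uris(config, major_version):
    """Return (level, option, message) findings for the charm's URI options."""
    # Usual rest_transport_uri path: /api/ on Graylog 2, / on Graylog 3 and higher.
    usual_path = "/api/" if major_version == 2 else "/"
    findings = []
    for opt in ("rest_transport_uri", "web_endpoint_uri", "web_listen_uri"):
        uri = config.get(opt)
        if not uri:
            continue  # unset: Graylog chooses its own default
        parts = urlsplit(uri)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            findings.append(("error", opt, "not an absolute http(s) URI"))
            continue
        wildcard = _is_wildcard(parts.hostname)
        if opt == "web_listen_uri":
            if wildcard:  # valid as a bind address, but worth knowing about
                findings.append(("info", opt, "binds all interfaces; the port is "
                                 "reachable without the proxy unless firewalled"))
            continue
        if wildcard:  # assumption: applied to web_endpoint_uri as well
            findings.append(("error", opt, "published URI must not be a wildcard address"))
        if opt == "rest_transport_uri" and parts.path != usual_path:
            findings.append(("warn", opt, "path is %r, usual form for v%d is %r"
                             % (parts.path, major_version, usual_path)))
    return findings

# Constructed sample: a Graylog 3 unit still carrying Graylog 2 style values.
SAMPLE = {
    "rest_transport_uri": "http://0.0.0.0:9001/api/",
    "web_endpoint_uri": "http://10.0.0.1:9000/",
    "web_listen_uri": "http://0.0.0.0:9000/",
}

if __name__ == "__main__":
    for level, opt, msg in audit_uris(SAMPLE, 3):
        print("%-5s %-18s %s" % (level, opt, msg))
```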
Scale out Usage
The MongoDB and Elasticsearch applications can both be scaled up or down. Graylog will reconfigure itself as needed. The Graylog charm does not yet support clustering of multiple units.
Configuration
Depending on the Elasticsearch charm used, the cluster name may not be passed to Graylog. In this case, the elasticsearch_cluster_name config option should be set.
Upgrade
Graylog may be upgraded to a different snap version by setting the channel config option. For example, switch to the latest version 3 edge snap with the following:
juju config graylog channel='3/edge'
Note: When upgrading from Graylog version 2 to version 3, please consult the upgrade guide to ensure your environment meets the minimum requirements.
If a new channel config option results in a new snap being installed, the charm will back up the previous configuration file on the graylog unit in /var/snap/graylog/common/server.conf.$prev. This may be useful if graylog needs to be reverted to a previous version in the future.
Configuration
- beats_port
  (int) TCP port for Beats input when relation is joined
  Default: 5044
- channel
  (string) Snap channel used to install/refresh the graylog snap. This option has no effect when a valid graylog.snap resource is attached.
  Default: 2/stable
- elasticsearch_cluster_name
  (string) If the Elasticsearch cluster name is not passed in the relation, set it here.
- index_replicas
  (int) Number of Elasticsearch replicas used per index in this index set.
- index_retention_count
  (int) Maximum number of indices to keep before deleting the oldest ones
  Default: 6
- index_rotation_msg_count
  (int) When rotation strategy is "msg_count", maximum number of documents in an index before it gets rotated
  Default: 20000000
- index_rotation_period
  (string) When rotation strategy is "time" based, rotation period (ISO8601 Duration) - How long an index gets written to before it is rotated.
  Default: P7D
- index_rotation_size
  (int) When rotation strategy is "size" based, maximum size of an index before it gets rotated. Defaults to 1073741824 (1GB).
  Default: 1073741824
- index_rotation_strategy
  (string) Type of rotation strategy ("time" based, "size" based, number of messages "msg_count").
  Default: time
- index_shards
  (int) Number of Elasticsearch shards used per index in this index set. Set this to '0' to let the charm automatically calculate based on how many Elasticsearch units.
  Default: 2
- jvm_heap_size
  (string) JVM Heap memory size (default 1G)
  Default: 1G
- log_inputs
  (string) YAML-formatted list of log inputs. First input gets passed through relations. Any input not defined here will be removed unless it is prefixed with "Custom" in the title.
- nagios_context
  (string) Used by the nrpe-external-master subordinate charm. A string that will be prepended to instance name to set the host name in nagios. So for instance the hostname would be something like: juju-myservice-0. If you're running multiple environments with the same services in them this allows you to differentiate between them.
  Default: juju
- nagios_servicegroups
  (string) A comma-separated list of nagios servicegroups. If left empty, the nagios_context will be used as the servicegroup.
- nagios_uncommitted_crit
  (int) Number of journaled uncommitted messages that will generate a nagios CRITICAL alert
  Default: 2048
- nagios_uncommitted_warn
  (int) Number of journaled uncommitted messages that will generate a nagios WARN
  Default: 1024
- rest_transport_uri
  (string) If set, this will be promoted in the cluster discovery APIs. You will need to define this if your Graylog server is running behind an HTTP proxy that is rewriting the scheme, host name, or URI. This must not contain a wildcard address (0.0.0.0). For Graylog 2, this usually takes the form http://10.0.0.1:9001/api/. For Graylog 3 and higher, this is known as the 'http_publish_uri' and looks like http://10.0.0.1:9000/.
- snap_proxy
  (string) DEPRECATED. Use snap-http-proxy and snap-https-proxy model configuration settings. HTTP/HTTPS web proxy for Snappy to use when accessing the snap store.
- snap_proxy_url
  (string) DEPRECATED. Use snap-store-proxy model configuration setting. The address of a Snap Store Proxy to use for snaps e.g. http://snap-proxy.example.com
- snapd_refresh
  (string) How often snapd handles updates for installed snaps. The default (an empty string) is 4x per day. Set to "max" to check once per month based on the charm deployment date. You may also set a custom string as described in the 'refresh.timer' section here: https://forum.snapcraft.io/t/system-options/87
- web_endpoint_uri
  (string) If set, this will be published as the external address for connecting to the REST API of the Graylog server. Web interface clients need to be able to connect to this for the web interface to work. In version 2, Graylog will set the default value to 'rest_transport_uri' if defined; otherwise it will select the first non-loopback IPv4 address on port 9001. Example: http://10.0.0.1:9001/ In version 3, Graylog refers to this option as 'http_external_uri' with the default value being 'rest_transport_uri' if defined; otherwise it will select the first non-loopback IPv4 address on port 9000. Example: http://10.0.0.1:9000/
- web_listen_uri
  (string) The uri the web interface will be available at. In version 3 and higher, this is used for and converted to the appropriate format for the 'http_bind_address' config value.
  Default: http://0.0.0.0:9000/
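How the index_rotation_* and index_retention_count options combine into a searchable-history window, as an added example that is not the charm's own code. The function names are hypothetical, and it assumes the index currently being written counts toward index_retention_count.

```python
import re
from datetime import timedelta

# Fixed-length ISO8601 durations only; months and years have no fixed length.
_DURATION = re.compile(
    r"^P(?:(\d+)W)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def parse_period(text):
    """Parse an index_rotation_period value such as P7D or P1DT12H."""
    match = _DURATION.match(text)
    if not match or not any(match.groups()):
        raise ValueError("unsupported rotation period: %r" % (text,))
    w, d, h, m, s = (int(g or 0) for g in match.groups())
    period = timedelta(weeks=w, days=d, hours=h, minutes=m, seconds=s)
    if not period:
        raise ValueError("rotation period must be longer than zero")
    return period

def retention_window(config):
    """Return (guaranteed, maximum) history as timedeltas, or None when the
    rotation strategy is volume-based and no time window can be guaranteed."""
    if config["index_rotation_strategy"] != "time":
        return None
    count = int(config["index_retention_count"])
    period = parse_period(config["index_rotation_period"])
    # Assumption: the active write index is one of the `count` indices kept,
    # so only count - 1 complete periods are guaranteed to be present.
    return period * max(count - 1, 0), period * count

def check_retention(config, required_days):
    """Compare the configured window with a required number of days."""
    window = retention_window(config)
    if window is None:
        return ("unknown: %s rotation depends on ingest volume"
                % config["index_rotation_strategy"])
    guaranteed, _maximum = window
    if guaranteed >= timedelta(days=required_days):
        return "ok"
    return "short: %d days guaranteed, %d required" % (guaranteed.days, required_days)

# The defaults listed above.
CHARM_DEFAULTS = {"index_rotation_strategy": "time",
                  "index_rotation_period": "P7D",
                  "index_retention_count": 6}

if __name__ == "__main__":
    print(retention_window(CHARM_DEFAULTS))
    print(check_retention(CHARM_DEFAULTS, 90))
```

With "size" or "msg_count" rotation the same index count covers fewer days as log volume rises, so a retention requirement stated in days is only checkable under the "time" strategy.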